CVE Catalog

CVE-2023-37904

LowCVSS 2.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

Discourse is an open source discussion platform, where prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in versions 3.0.6 and 3.1.0.beta7.

Risk Assessment

Organizations may be exposed to unauthorized user account creation, which could lead to abuse and data security issues.

Recommendation

It is recommended to upgrade to version 3.0.6 or 3.1.0.beta7. As a workaround, restrict invites to email addresses.

Original NVD description (English source)

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS